package com.cskaoyan.config;

import com.cskaoyan.shiro.CustomSessionManager;
import com.cskaoyan.shiro.MyAuthenticationFilter;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.servlet.Filter;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.Map;

@Configuration
public class ShiroConfig {
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager){
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setLoginUrl("/admin/auth/unauthc"); //认证失败重定向的url
        //过滤掉options的请求
        Map<String, Filter> filters = shiroFilterFactoryBean.getFilters();

        //
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        //对请求过滤
        //key 请求  value 过滤器
        //linked 有序的， 因为过滤是按顺序的
        LinkedHashMap<String, String> filterMap = new LinkedHashMap<>();
        filterMap.put("/admin/auth/login","anon");//登录不需要权限就能访问
        filterMap.put("/wx/auth/login","anon");
        filters.put("authc", new MyAuthenticationFilter());//将自定义 的FormAuthenticationFilter注入shiroFilter中
//        filterMap.put("/admin/auth/info","anon");
        filterMap.put("/admin/auth/unAuthc","anon");//重定向不需要权限就能访问
        filterMap.put("/wx/**","anon");
//        filterMap.put("/**","perms[1]"); //设置权限
        filterMap.put("/admin/**","authc");//其他所有都需要认证才能访问，按顺序写，才能保证不阻断login
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
        //login(username,password) success
        //失败则重新登录
        return  shiroFilterFactoryBean;
//        return  null;
    }

    @Bean
    public DefaultWebSecurityManager securityManager(AdminRealm adminRealm,
                                                     DefaultWebSessionManager webSessionManager,
                                                     CustomAuthenticator authenticator){
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        defaultWebSecurityManager.setRealm(adminRealm);
        defaultWebSecurityManager.setSessionManager(webSessionManager);
        defaultWebSecurityManager.setAuthenticator(authenticator);
        return defaultWebSecurityManager;
    }


    /*
     * DefaultWebSessionManager
     * */
    @Bean
    public DefaultWebSessionManager sessionManager(){
        //这里需要 重新定义getSession方法
        CustomSessionManager customSessionManager = new CustomSessionManager();

        /*
        也可以在这里对Session进行一些限制
        删除失效的session
        customSessionManager.isDeleteInvalidSessions();
        设置Session过期时间
        customSessionManager.setTimeout();
        */
        customSessionManager.isDeleteInvalidSessions();
        customSessionManager.setGlobalSessionTimeout(3600000L);
        return customSessionManager;
    }

    /*
     * AuthorizationAttributeSourceAdvisor
     * */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager defaultWebSecurityManager){
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(defaultWebSecurityManager);
        return authorizationAttributeSourceAdvisor;
    }

    @Bean
    public CustomAuthenticator authenticator(AdminRealm adminRealm,WxRealm wxRealm){
        CustomAuthenticator customAuthenticator = new CustomAuthenticator();
        ArrayList<Realm> realms = new ArrayList<>();
        realms.add(adminRealm);
        realms.add(wxRealm);
        customAuthenticator.setRealms(realms);
        return customAuthenticator;
    }

}
